<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200410-05"> <title>Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities</title> <synopsis> Cyrus-SASL contains two vulnerabilities that might allow an attacker to completely compromise the vulnerable system. </synopsis> <product type="ebuild">Cyrus-SASL</product> <announced>2004-10-07</announced> <revised count="02">2006-05-22</revised> <bug>56016</bug> <access>remote</access> <affected> <package name="dev-libs/cyrus-sasl" auto="yes" arch="*"> <unaffected range="ge">2.1.18-r2</unaffected> <vulnerable range="le">2.1.18-r1</vulnerable> </package> </affected> <background> <p> Cyrus-SASL is an implementation of the Simple Authentication and Security Layer. </p> </background> <description> <p> Cyrus-SASL contains a remote buffer overflow in the digestmda5.c file. Additionally, under certain conditions it is possible for a local user to exploit a vulnerability in the way the SASL_PATH environment variable is honored (CAN-2004-0884). </p> </description> <impact type="high"> <p> An attacker might be able to execute arbitrary code with the Effective ID of the application calling the Cyrus-SASL libraries. </p> </impact> <workaround> <p> There is no known workaround at this time. </p> </workaround> <resolution> <p> All Cyrus-SASL users should upgrade to the latest stable version: </p> <code> # emerge sync # emerge -pv ">=dev-libs/cyrus-sasl-2.1.18-r2" # emerge ">=dev-libs/cyrus-sasl-2.1.18-r2"</code> </resolution> <references> <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0884">CAN-2004-0884</uri> <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0373">CVE-2005-0373</uri> </references> <metadata tag="submitter"> jaervosz </metadata> <metadata tag="bugReady" timestamp="2004-10-02T04:16:09Z"> lewk </metadata> </glsa>